jdLite Goz 逆向+IDA伪代码+追踪+飞车
本帖最后由 jiaochuan 于 2020-4-29 22:53 编辑一个菜B项目天天装13装nm呢?
120秒逆向 垃圾代码看的脑壳疼
垃圾追踪
Hook点
jdLite-Win64-Shipping.exe+0x1A808B4
ShellCode
.text:0000000000011090 sub_11090 proc near ; DATA XREF: sub_2110+3B3↑o
.text:0000000000011090
.text:0000000000011090 arg_60 = qword ptr68h
.text:0000000000011090
.text:0000000000011090 cmp cs:byte_6DDFF, 0
.text:0000000000011097 jz short loc_110BA
.text:0000000000011099 push rdx
.text:000000000001109A push rcx
.text:000000000001109B mov rcx, rax ; //(敌 - 我坐标) / 1000.f 带瞬击
.text:000000000001109E mov edx, cs:追踪X
.text:00000000000110A4 mov , edx
.text:00000000000110A6 mov edx, cs:追踪Y
.text:00000000000110AC mov , edx
.text:00000000000110AF mov edx, cs:追踪Z
.text:00000000000110B5 mov , edx
.text:00000000000110B8 pop rcx
.text:00000000000110B9 pop rdx
.text:00000000000110BA
.text:00000000000110BA loc_110BA: ; CODE XREF: sub_11090+7↑j
.text:00000000000110BA movsd xmm0, qword ptr
.text:00000000000110BE mov eax,
.text:00000000000110C1 movapsxmm6, xmm0
.text:00000000000110C4 movsd , xmm0
.text:00000000000110CA movss xmm7, dword ptr
.text:00000000000110D0 jmp cs:qword_5DDD8
.text:00000000000110D0 sub_11090 endp
逼佬使用的垃圾飞车
代码直接贴出来
偏移量
uint64_t offset_vehicle_mesh = 0x04D8;
uint64_t offset_set_all_physics_linear_velocify = 0x5B0;
uint64_t offset_set_all_physics_angular_velocify = 0x708;
uint64_t offset_set_enable_gravity = 0x738;
uint64_t offset_set_aactor_enable_collision = 0x4BC430;
void FlyCar(uint64_t pawn, FVector local_rotation, int FlyCarType)
{
auto VehicleMesh = Read<uint64_t>(pawn + offset_vehicle_mesh);
if (!(VehicleMesh > 0xFFFFF && VehicleMesh < 0xFFFFFFFFFFF))
return;
uint64_t p_VehicleMesh = Read<uint64_t>(VehicleMesh);
typedef void(__fastcall *SetAllPhysicsLinearVelocity_t)(int64_t mesh, struct FVector NewVel, bool bAddToCurrent);
SetAllPhysicsLinearVelocity_t pSetAllPhysicsLinearVelocity = reinterpret_cast<SetAllPhysicsLinearVelocity_t>(Read<int64_t>(Read<int64_t>(VehicleMesh) + offset_set_all_physics_linear_velocify));
typedef void(__fastcall *SetAllPhysicsAngularVelocity_t)(int64_t mesh, struct FVector NewVel, bool bAddToCurrent);
SetAllPhysicsAngularVelocity_t pSetAllPhysicsAngularVelocity = reinterpret_cast<SetAllPhysicsAngularVelocity_t>(Read<int64_t>(Read<int64_t>(VehicleMesh) + offset_set_all_physics_angular_velocify));
typedef void(__fastcall *SetActorEnableCollision_t)(int64_t aactor, bool bNewActorEnableCollision);
SetActorEnableCollision_t pSetActorEnableCollision = reinterpret_cast<SetActorEnableCollision_t>(_base + offset_set_aactor_enable_collision);
typedef void(__fastcall *SetEnableGravity_t)(int64_t mesh, bool bGravityEnabled);
SetEnableGravity_t pSetEnableGravity = reinterpret_cast<SetEnableGravity_t>(Read<int64_t>(Read<int64_t>(VehicleMesh) + offset_set_enable_gravity));
if (FlyCarType >= 2) {
pSetEnableGravity(VehicleMesh, false); // Closing gravity
}
else {
pSetEnableGravity(VehicleMesh, true);// Start-up gravity
}
if (FlyCarType == 3) {
pSetActorEnableCollision(pawn, false); // Ignore the wall
}
else {
pSetActorEnableCollision(pawn, true);// wall
}
if (FlyCarType == 0) return;
int speed = 60 * 2; //spped
float coeff = (60.f * 60.f) * speed * 0.01f;// Here control speed 60 * 60 fixed modification 10.f
if (GetAsyncKeyState2(VK_SHIFT))
{
coeff *= 2;
}
bool bKp = false;
pSetAllPhysicsAngularVelocity(VehicleMesh, { 0.f, 0.f, 0.f }, false);
pSetAllPhysicsLinearVelocity(VehicleMesh, { 0.f, 0.f, 0.f }, false);
if (/* Q */ GetAsyncKeyState2(0x51)) {
pSetAllPhysicsLinearVelocity(VehicleMesh, { 0.f, 0.f, coeff / 4 }, true);// Rising speed can be modified by itself
bKp = true;
}
if (/* E */ GetAsyncKeyState2(0x45)) {
pSetAllPhysicsLinearVelocity(VehicleMesh, { 0.f, 0.f, -(coeff / 4) }, true);// Decline can be modified by itself
bKp = true;
}
if (/* W */ GetAsyncKeyState2(0x57)) {
FVector vel;
auto yaw = local_rotation.Y;
float theta = 2.f * PI * (yaw / 360.f);
vel.X = (coeff * cosf(theta));
vel.Y = (coeff * sinf(theta));
pSetAllPhysicsLinearVelocity(VehicleMesh, vel, true);
bKp = true;
}
if (/* S */ GetAsyncKeyState2(0x53)) {
FVector vel;
auto yaw = local_rotation.Y;
float theta = 2.f * PI * (yaw / 360.f);
vel.X = -(coeff * cosf(theta));
vel.Y = -(coeff * sinf(theta));
pSetAllPhysicsLinearVelocity(VehicleMesh, { vel }, true);
bKp = true;
}
if (/* A */ GetAsyncKeyState2(0x41)) {
pSetAllPhysicsAngularVelocity(VehicleMesh, { 0.f, 0.f, -60.f }, true);// Left turn speed - 20 self-modifying
bKp = true;
}
if (/* D */ GetAsyncKeyState2(0x44)) {
pSetAllPhysicsAngularVelocity(VehicleMesh, { 0.f, 0.f, 60.f }, true); // Right Turn Speed 20 Self-modifying
bKp = true;
}
if (!bKp || GetAsyncKeyState2(VK_SPACE))
{
pSetAllPhysicsLinearVelocity(VehicleMesh, { 0.f, 0.f, 0.f }, false);
}
}
美图欣赏
这里是追踪HOOK:
追踪调用:
内存功能: 内含 人物高跳 人物加速 爷几年前玩过的东西还拉出来
用到了 UCharacterMovementComponent和USTCharacterMovementComponent
附件包含:
DLL
驱动DLL
所用到对应的class
**** Hidden Message *****
学习一下 学习一下 看看学习一些 我去牛鼻阿 GLite Goz 逆向+IDA {:sweat:}{:sweat:}{:sweat:}{:sweat:}
GLite Goz 逆向 GLite Goz 逆向+IDA伪代码+追踪+飞车 [修改] 真牛逼真牛逼真牛逼真牛逼 回复看隐藏